Presentation Title: Exploiting the Intranet With a Webpage - Is JavaScript the New Shellcode?Presentation Details:

Web browsers are installed on virtually every contemporary desktop computer, only few companies refuse their employees to access the web via http and the evolution of active technologies like JavaScript, Java or Flash has slowly but steadily transformed the web browser into a rich application platform. For these reasons, the browser was recently (re)discovered as a convenient tool to smuggle malicious code behind the boundaries of the company firewall. While earlier related attacks required the existence of a security vulnerability in the browser’s source code or libraries, the attacks which are covered in this talk simply employ the legal means that are provided by today’s browser technology.

In the last year, people like Jeremy Grossman, RSnake, Amit Klein, pdp (architect) or Yours Truly (re)invented, combined and refined techniques in using malicious JavaScript for example to:

a) obtain the (internal) IP address of the hosting web browser,
b) portscan the lan to locate intranet http servers,
c) fingerprint these http servers using well known URLs
d) and (sometimes) exploiting them via CSRF or
e) access the servers content and leak it to the outside by breaking DNS pinning.

This talk will give a round up of the state-of-the-art in the domain of “JavaScript Malware'’, while trying to put the actual danger in perspective to the recent hype. In addition we will present “LocalRodeo”, a Firefox extensions written to counter the specified attacks.

About Martin

Martin Johns studied Mathematics and Computer Science at the Universities of Göttingenn (Germany), Santa Cruz (CA) and Hamburg (Germany) where he received his diploma in 2003. During the 1990ties and the early years of the new millennium he earned his living as a software engineer in German companies (including Infoseek Germany, TC Trustcenter and SAP). 2005 he joined the “security in distributed systems” group at the University of Hamburg to work on the project “Secologic”, which is investigating the state of the art in software security.